Basic Security Moonhorse's config 2018

[LDogg]

I like this config, how Neustar recursive DNS performs?

Personally I will remove adwcleaner, and malwarebytes; eventually replacing with FRST and HitmanPro,

Unchecky can be removed too and the list of blocked hosts can be used in place,

If not used, I will add Comodo KillSwitch, I find the only tool that worth being used,

Zemana AntiMalware, unfortunately is not what was some years ago,

Nice config!

P.S. If you use adwcleaner, last build I tried actively employed telemetry,
telemetry-01.adwc.fr33tux.org

I agree that adwcleaner would need to be removed, it's a good product, but I believe that after MBAM made the acquisition, it's gone downhill.

I disagree about your opinion to do with Zemana, it's still one of the best out there. The downside is it's fairly aggressive, due to this some false positives happen and it creates a startup object, but this can be disabled in Task Manager.

Comodo Killswitch is great.

I also disagree with UnChecky, very much needed tool and hardly takes up any CPU.

~LDogg

 

[lowdetection]

@Moonhorse

About DNS, I went long way and builded my one without rely on third-party, I have a PiHole FTLDNS beta running here with Unbound, I don't deny there are problems, but I think is one of the best tools available.



About Zemana, I speak as someone that helped them both with the mobile and the windows app at that time, I feel someone could exploit them, if I don't consider the last beta update, last version is from last year, I know in security field one year is equal to one life, that make me doubts,

for the rest ok

I like UnChecky, I mean this, I use their list, without need of the app:

 

[Moonhorse]

@lowdetection heard about PiHole, but currently dns is kinda useless since i have comodo browser and forticlient is doing webfiltering

Im gonna dump malwarebytes i think

Replace adwcleaner with comodo hijack tool completely
and let zemana take over malwarebytes

I have to see where are those pup alerts from that adwcleaner gave, only thing i have installed today is immunet and comodo already falsed it as malware, sooo...

 

[Arequire]

I have to see where are those pup alerts from that adwcleaner gave, only thing i have installed today is immunet and comodo already falsed it as malware, sooo...

PUP.Optional.Legacy is a generic detection name by AdwCleaner for potentially unwanted programs (PUPs) that have not been classified by family yet.

PUP.Optional.Legacy - Malwarebytes Labs

 

[lowdetection]

Yes, PiHole upstream will catch all, "DNS traffic", unless you setup different subnetworks,

Some months ago I was using SimpleDNSCrypt, but I found unnecessary for my needs, and instead went to PiHole+Unbound an authorative, recursive, DNS server;

Actually is the first line of defense, and is system-wide, means, everyone that go online pass through that; I recently bought some other Raspberry, in the will to reroute all the traffic to a IDS with Suricata and bro, but found out that tee with ddwrt is not really supported at kernel level, so maybe will need to self-compile?

You could also think about RogueKiller, the developer is here on this site, and he is actively updating good products,

In your config I like almost all, which part take care of protection exploit?

Thanks

 

[Moonhorse]

Yes, PiHole upstream will catch all, "DNS traffic", unless you setup different subnetworks,

Some months ago I was using SimpleDNSCrypt, but I found unnecessary for my needs, and instead went to PiHole+Unbound an authorative, recursive, DNS server;

Actually is the first line of defense, and is system-wide, means, everyone that go online pass through that; I recently bought some other Raspberry, in the will to reroute all the traffic to a IDS with Suricata and bro, but found out that tee with ddwrt is not really supported at kernel level, so maybe will need to self-compile?

You could also think about RogueKiller, the developer is here on this site, and he is actively updating good products,

In your config I like almost all, which part take care of protection exploit?

Thanks

Well if anything manages to go throught immunet / comodos av module, firewall will take action.. at last hand everything is user specific

Imo the best option would have system locked behind voodooshield, might be bit overkill for me since i have cf already

Im aware of roguekiller, but im looking for products with regular updates and long lifespan

 

[Moonhorse]

Update:
+ i have added voodooshield

Might be bit overkill, but all these 4 apps are pretty lightweight

+ updated comodo dragon extensions:

Comodo dragon:
- comodo online security
- norton safe web
- decantraleyes
- privacy possum
- nano adblocker
- nano defender
- tunnelbear
- bitwarden

That means im messing with ice dragon ( firefox) and comodo dragon ( chromium)


Still bit confused about yesterdays pups, but scanned computer today with:
- immunet
- comodo
- malwarebytes
- adwcleaner
- zemana
- norton power eraser
- comodo hijack tool
- hitmanpro

None of them finds anything so, i think those pups just were the immunet files
Im not even paranoid

 

[Moonhorse]

Update:

- removed ice dragon
- removed comodo dragon

+ added
Mozilla firefox;
- ublock origin
- privacy possum
- comodo online security
- norton safe web
- decentraleyes
- canvasblocker
- bitwarden

Even mozilla is ram hog, its more stabile than chrome and doesnt feel like driving car without seatbelt
Yeah, im changing my mind pretty often but....

Offtopic: Zemana seems to be very agressive as it false so much stuff; like privacy possum

 

[Moonhorse]

I went too paranoid , with immunet + voodooshield along with comodo internet security
Caused bit problems, since i forgot to exlude voodooshield in immunet settings
also forticlient web filter were turned off

- removed immunet
- removed cis
- removed voodooshield

+ installed forticlient :
- antivirus
- anti-exploit
- sandbox
- webfilter

Yandex browser ( speed dial is insane) :
- norton safe web
- comodo online security
- ublock origin
- nano defender
- privacy possum
- decentraleyes
- canvas defender
- bitwarden

System feels much lighter than before, even forticlient is using more memory than cis did

 

[Evjl's Rain]

I went too paranoid , with immunet + voodooshield along with comodo internet security
Caused bit problems, since i forgot to exlude voodooshield in immunet settings
also forticlient web filter were turned off

- removed immunet
- removed cis
- removed voodooshield

+ installed forticlient :
- antivirus
- anti-exploit
- sandbox
- webfilter

Yandex browser ( speed dial is insane) :
- norton safe web
- comodo online security
- ublock origin
- nano defender
- privacy possum
- decentraleyes
- canvas defender
- bitwarden

System feels much lighter than before, even forticlient is using more memory than cis did

because you are using many realtime protection softwares
you should only use CF or CF+immunet so they will be much much lighter
forticlient is an signature-based AV without any BB => not recommended
forticlient is quite heavy for my taste due to RAM consumption and CPU usage when something is being analyzed

 

[Moonhorse]

because you are using many realtime protection softwares
you should only use CF or CF+immunet so they will be much much lighter
forticlient is an signature-based AV without any BB => not recommended
forticlient is quite heavy for my taste due to RAM consumption and CPU usage when something is being analyzed

Only part i like is web filter,

I always could go eiither:
voodooshield + avast free ( dont like bundled software/ads, minium setup is fine but still irritating) + forticlient webfilter
voodooshield + kaspersky ( system watcher) + forticlient web filter
voodooshield + windows defender + forticlient web filter
voodooshield + Sophos home premium FREE ( with its web filter)

Anyways im getting rid of comodo firewall, i dont have needs to setup anything about firewall, the hips + sandbox + vm were only about it


I'd like to try qihoo 360 too, but scared of ads

 

[Evjl's Rain]

Only part i like is web filter,

I always could go eiither:
voodooshield + avast free ( dont like bundled software/ads, minium setup is fine but still irritating) + forticlient webfilter
voodooshield + kaspersky ( system watcher) + forticlient web filter
voodooshield + windows defender + forticlient web filter
voodooshield + Sophos home premium FREE ( with its web filter)

Anyways im getting rid of comodo firewall, i dont have needs to setup anything about firewall, the hips + sandbox + vm were only about it


I'd like to try qihoo 360 too, but scared of ads

avast with my setup never shows any ad or popup

if you use kaspersky, don't use forticlient web filter because kaspersky is as strong as forti

even avast + syshardener is enough to protect you. Malwarehub results tell

 

[Moonhorse]

avast with my setup never shows any ad or popup

if you use kaspersky, don't use forticlient web filter because kaspersky is as strong as forti

even avast + syshardener is enough to protect you. Malwarehub results tell

True, i just go with kaspersky + syshardener .Well avast as gaming mode permanently wont give popups, and even without i can see like 1-2 a week from my experience so its not that bad

 

[stefanos]

True, i just go with kaspersky + syshardener .Well avast as gaming mode permanently wont give popups, and even without i can see like 1-2 a week from my experience so its not that bad

For avast and avg if you block with the firewall the avastgui and to avg the avgui never you see popups. At 360TS you block the promoutil

 

[Evjl's Rain]

qihoo 360

Qihoo 360's results in the hub was really pathetic
non-existing BB, questionable lite-HIPS module and high FP rate
the cloud signatures are bad, only avira signatures are good enoug. BD's sigs are delayed for 2 days

the only good sign about it is it's lightness. But adding avira signatures will make it a heavier

 

[stefanos]

Qihoo 360's results in the hub was really pathetic
non-existing BB, questionable lite-HIPS module and high FP rate
the cloud signatures are bad, only avira signatures are good enoug. BD's sigs are delayed for 2 days

the only good sign about it is it's lightness. But adding avira signatures will make it a heavier

I'm testing the 360s here for a month. I have seen a great improvement at qihoo signatures.And signatures Bitdefenter not delayed for more than one day. After a long time I am very impressed from 360TS. Works perfect with woodooshield and is very lite. With bitdefender and avira open use about 50 mb ram (.balanced configuration) And my pc have very fast boot time

 

[Evjl's Rain]

bitdefender and avira open use about 50 mb ram

I disagree with it
if you use process explorer to record memory usage, you will see it consumes 200-300-400 easily. 50MB is not everything. They hide the total memory usage
with voodooshield, any AV is good enough

 

[stefanos]

I disagree with it
if you use process explorer to record memory usage, you will see it consumes 200-300-400 easily. 50MB is not everything. They hide the total memory usage
with voodooshield, any AV is good enough

Yes but for my system is the lighter solution with woodooshield. Very fast boot, very fast for the browsers not delay for the aplications. sorry for my english

 

[Evjl's Rain]

Yes but for my system is the lighter solution with woodooshield. Very fast boot, very fast for the browsers not delay for the aplications. sorry for my english

I agree qihoo is very light. but only sufficient when it combines with voodooshield
it will be insufficient to run it alone

 

[Moonhorse]

Update:
- removed forticlient


+ added kaspersky free
+ added voodooshield
+ added syshardener